## Secrets

Ansible Vault secrets are stored in [group_vars/all/vault.yml](group_vars/all/vault.yml).

Note that the directory path and filename are important.

The format of the file is:

```yaml
---
become_pass: <ansible_user_become_pass>
```

Secrets required for Terraform can be stored in a file, e.g. `terraform/.secrets`, which is already ignored by Git.

Required variables:

```shell
export TF_VAR_cloudflare_token=<cloudflare_token>
export TF_VAR_zone_id=<cloudflare_zone_id>
export TF_VAR_account_id=<cloudflare_account_id>
export TF_VAR_tunnel_secret=<tunnel_secret>
```

Note that the Cloudflare token requires the Zone/DNS:edit and Account/Cloudflare Tunnel:edit permissions.

I generate tunnel secrets with this command:

```shell
hexdump -vn32 -e'4/4 "%08X"' /dev/urandom | base64 -w0 -
```
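
As an added example (not part of the original repository), these shell functions check the two secret files described above before a run: that `vault.yml` carries the ansible-vault header, that the Terraform secrets file is owner-only and defines all four variables, and that the tunnel secret decodes to at least 32 bytes, the minimum Cloudflare accepts. The function names and the mode-600 expectation are assumptions of this example; GNU `stat` and `base64` are assumed.

```shell
#!/bin/sh
# Added example (not from the original README): pre-flight checks for the two
# secret files described above. Function names are hypothetical; GNU coreutils
# (stat -c, base64 -d) are assumed, as in the README's own base64 -w0 usage.

TF_VARS="TF_VAR_cloudflare_token TF_VAR_zone_id TF_VAR_account_id TF_VAR_tunnel_secret"

# An ansible-vault encrypted file starts with a "$ANSIBLE_VAULT;" header line.
vault_is_encrypted() {
  [ -f "$1" ] && head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# Assumption of this example: the Terraform secrets file is owner-only (600 or 400).
secrets_file_is_private() {
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  case "$mode" in 600|400) return 0 ;; *) return 1 ;; esac
}

# Source the file in a subshell and print each required variable left unset or empty.
# Pass a path containing a slash so "." does not search PATH.
missing_tf_vars() {
  [ -r "$1" ] || { printf '%s\n' $TF_VARS; return 1; }
  (
    unset $TF_VARS
    . "$1" >/dev/null 2>&1 || true
    for v in $TF_VARS; do
      eval "val=\${$v:-}"
      [ -n "$val" ] || printf '%s\n' "$v"
    done
  )
}

# Cloudflare expects the tunnel secret as base64 that decodes to at least 32 bytes.
tunnel_secret_ok() {
  printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 1
  [ "$(printf '%s' "$1" | base64 -d | wc -c)" -ge 32 ]
}

# Run every check; prints one line per failure and returns non-zero if any failed.
preflight() {  # usage: preflight group_vars/all/vault.yml terraform/.secrets
  rc=0
  vault_is_encrypted "$1" || { echo "FAIL: $1 is not ansible-vault encrypted"; rc=1; }
  secrets_file_is_private "$2" || { echo "FAIL: $2 should be mode 600"; rc=1; }
  for v in $(missing_tf_vars "$2"); do echo "FAIL: $v is not set in $2"; rc=1; done
  secret=$(unset TF_VAR_tunnel_secret; . "$2" >/dev/null 2>&1; printf '%s' "${TF_VAR_tunnel_secret:-}")
  tunnel_secret_ok "$secret" || { echo "FAIL: tunnel secret decodes to under 32 bytes"; rc=1; }
  return $rc
}
```

Run `preflight group_vars/all/vault.yml terraform/.secrets` from the repository root; a secret produced by the `hexdump` command above decodes to 64 bytes and passes the length check.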